In many computer implementations, it is desirable to limit access to files based upon accessibility level. This is especially true in a government context. For example, in a government security implementation, it is quite desirable, and most likely required, for top secret files to be accessible only by users and processes having the proper clearance level (e.g. top secret clearance or above). It may also be desirable for users and processes having high clearance levels to be able to access files at lower levels (e.g. users and processes with top secret clearance can access need-to-know and public files). In order to implement such controls, some mechanism needs to be put in place to check the clearance levels of the users, processes, and files, and to determine whether certain accesses should be allowed. One such mechanism may be an operating system.
Currently, in order to implement such file access control, sensitivity labels need to be associated and stored with each file. When an access of a file is requested by a user or process, the sensitivity label of the file is checked against the sensitivity level of the user or process, and based upon that check, a decision is made as to whether to allow or deny the requested access.
This approach has several drawbacks. One drawback is that it requires a customized file system in order to work. Most standard file systems do not allow sensitivity labels to be associated and stored with each file. Thus, only a customized file system that allows sensitivity labels to be stored with each file can be used with this approach. Also, this approach requires that the sensitivity label of a file be checked each and every time that file is accessed. This imposes additional overhead on the system, which may degrade system performance. Because of these and potentially other drawbacks, this approach does not provide wholly satisfactory results. Consequently, an improved mechanism for enforcing file access control is needed.